krb5 -- MITKRB5-SA-2011-001, kpropd denial of service

Details

VuXML ID

64f24a1e-66cf-11e0-9deb-f345f3aa24f0

Discovery

2011-02-08

Entry

2011-04-14

An advisory published by the MIT Kerberos team says:

The MIT krb5 KDC database propagation daemon (kpropd) is
vulnerable to a denial-of-service attack triggered by invalid
network input. If a kpropd worker process receives invalid
input that causes it to exit with an abnormal status, it can
cause the termination of the listening process that spawned it,
preventing the slave KDC it was running on from receiving
database updates from the master KDC.

Exploit code is not known to exist, but the vulnerabilities are
easy to trigger manually.

An unauthenticated remote attacker can cause kpropd running in
standalone mode (the "-S" option) to terminate its listening
process, preventing database propagations to the KDC host on
which it was running. Configurations where kpropd runs in
incremental propagation mode ("iprop") or as an inetd server
are not affected.